I regularly get bogus bounces from clueless virus scanners that don’t realize the sending address is fake 99% of the time, but this takes the cake:

Sometime last night I received three copies of the same notice from some system in Brazil. They had written their virus warning in Microsoft Word, saved it as HTML without cleaning up all the extra junk, and made it the only part of the message… in Base64 encoding!

If you’re going to send any kind of diagnostic notice by email, you want it to be as simple and widely readable as possible. That means plain text (not HTML or Base64, and certainly not both!). It also means if you do want to use HTML, at least clean it up and include a plain-text alternative. For all you know it’s going to be read by some admin logging into a GUIless server through SSH over a modem connection on a hotel phone line!
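A check that an automated notice follows this advice before it is sent, as an added example that is not part of the original post. The function name, the sample messages and the list of Word-export markers are assumptions made for illustration.

```python
import base64
from email import message_from_string, policy

# Assumption: substrings that typically survive a Word "Save as HTML" export.
WORD_MARKERS = ("urn:schemas-microsoft-com:office", "mso-", "msonormal")

# Constructed sample: HTML-only, Base64-encoded notice with Word export markup.
_WORD_HTML = ('<html xmlns:o="urn:schemas-microsoft-com:office:office">'
              '<meta name=Generator content="Microsoft Word 10">'
              '<p class=MsoNormal style="mso-ansi-language:PT-BR">Virus found</p></html>')
BAD_NOTICE = (
    "From: scanner@example.invalid\n"
    "To: rcpt@example.invalid\n"
    "Subject: Virus warning\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/html; charset="us-ascii"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n" + base64.encodebytes(_WORD_HTML.encode()).decode()
)
# Constructed sample: the same notice as plain, unencoded text.
GOOD_NOTICE = (
    "From: scanner@example.invalid\n"
    "To: rcpt@example.invalid\n"
    "Subject: Virus warning\n"
    "\n"
    "A virus was found in a message that claimed to come from your address.\n"
)


def lint_notice(raw: str) -> list:
    """Return the readability problems found in one outgoing notice."""
    msg = message_from_string(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    text = [p for p in leaves if p.get_content_type() == "text/plain"]
    html = [p for p in leaves if p.get_content_type() == "text/html"]
    problems = []
    if not text:
        problems.append("no text/plain part")
    for part in text + html:
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte == "base64":
            problems.append(f"{part.get_content_type()} part is Base64-encoded")
    for part in html:
        body = part.get_content().lower()  # decoded from Base64 if needed
        if any(marker in body for marker in WORD_MARKERS):
            problems.append("HTML contains Word export markup")
    return problems
```
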

This morning I received both a bogus “Out of Office” reply from someone at Halliburton (presumably from a virus that spoofed my address as the sender) and a new 419 scam variant, this one claiming to be someone in Iraq. (I still think of them as Nigerian scams, but they’ve gone seriously international over the past year or so.) Subject line: “EVERY IMPORTANT” (really!)

Something to consider on those vacation messages: I was just sent some random Halliburton employee’s cell phone number. Not that I have any use for it, but would you hand out your cell number to any random person on the Internet? I know I wouldn’t!

I just came across an article on non-password authentication that refers back to an April 2004 survey of office workers which found that “71% were willing to part with their password for a chocolate bar.”

Wow. I know they say everyone has their price, but this is ridiculous.

It reminds me of the comic book Underworld Unleashed, in which a demon approached various DC villains offering to give them enhanced powers in exchange for their souls. The Joker sold his soul in exchange for… a box of cigars. “They’re cubans!” he explained.

Another good one: “I work in a financial call centre, our password changes daily, but I do not have a problem remembering it as it is written on the board so that every one can see it.”

Un. be. lievable.

CNET posted an article today, Concern grows over browser security, about the rise in browser-based attacks (mostly spoofed sites for phishing, but also attempts to install viruses and other malware through web browser security holes).

What’s interesting about the article is that nowhere does it mention Mozilla, Opera or Safari.

Could it be that attacks through these browsers are less common than attacks through Internet Explorer, even adjusted for market share? (Sure, IE has more than 90%, but there are a lot of people using the others.)

Or could it be that the author has succumbed to the “Web Browser = MSIE” belief?

If nothing else, you’d think that their statistics would have a bit more information, but it’s a single number for “browser” attacks. Nothing more detailed than that.

To be fair, the press release doesn’t provide any better numbers. In fact, it mentions no browser by name at all. (One can hope their data is a bit more detailed, but the purpose of the study appears to have been to identify trends in types of attacks, not in the software targeted.) And yet IE is the only browser CNET mentions, despite the alternatives’ better security records.

Apparently a security firm has discovered a way to trick Mac OS X into running a trojan horse. The technique involves creating a data file, but embedding a Carbon program in it. (Carbon is a programming interface aimed at making it easy to convert older Mac applications to run on Mac OS X without switching into Classic mode.)

According to Intego, Finder will see only the file type data and display a spoofed icon identifying the file as (in their example) an MP3, but actually double-clicking on the file will cause the OS to notice the program code and run it. Their proof-of-concept code runs itself, then opens the file in iTunes in order to avoid looking suspicious.

This is very similar to a (fixed, but still present in a zillion unpatched systems) bug in Internet Explorer for Windows that was exploited by many mass-mailing viruses. In that case, IE would decide whether a file was safe by checking the MIME type sent by the server, then use the file extension to decide how to load the file. Viruses would generate messages embedding supposed MIDI files that Outlook would try to play, but instead of handing it to a MIDI player, it would ask the OS to open the file. Without the MIME info, Windows would see it was a program file and run the virus.
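The mismatch described above, where one component trusts the MIME type and another acts on the file extension, is something a mail filter can look for directly. The following is an added example, not code from the original post; the extension and type lists, the function names and the sample message are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions the OS would run as a program (illustrative, not exhaustive).
PROGRAM_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}
# Assumption: declared types that honestly announce a program or unknown binary.
PROGRAM_TYPES = {"application/x-msdownload", "application/octet-stream"}


def type_extension_conflicts(raw: bytes) -> list:
    """Return (filename, declared_type) for every part whose declared MIME type
    looks harmless while its filename extension would launch a program."""
    msg = message_from_bytes(raw, policy=policy.default)
    conflicts = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # not a named part, so nothing is dispatched by extension
        declared = part.get_content_type()
        ext = os.path.splitext(name)[1].lower()
        if ext in PROGRAM_EXTS and declared not in PROGRAM_TYPES:
            conflicts.append((name, declared))
    return conflicts


def build_sample() -> bytes:
    """Constructed message: one consistent MIDI part, one mislabelled program."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "rcpt@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    msg.add_attachment(b"MThd", maintype="audio", subtype="midi",
                       filename="tune.mid")
    msg.add_attachment(b"MZ", maintype="audio", subtype="midi",
                       filename="tune.exe")
    return bytes(msg)


if __name__ == "__main__":
    for name, declared in type_extension_conflicts(build_sample()):
        print(f"conflict: {name} declared as {declared}")
```
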

If this is confirmed, it will probably not be a vector for e-mail viruses, because the standard mail and web apps for Mac OS X don’t automatically run things the way Outlook, Outlook Express and Internet Explorer do.

No, the real danger will be viruses that spread through peer-to-peer file sharing networks. Download a supposed MP3 off of Gnutella, open up your music folder, double-click on it, and you’re infected.

Apple has said they “are aware of the potential issue… and are working proactively to investigate it.”

(Why is this news? Because it’s Apple, and because it’s so similar to a popular virus vector in Windows. Exploitable vulnerabilities are found so often in Windows I hardly blink.)

Updated slightly based on some real analysis (see comments).